From eace86409d7195d83deff0c60d3a0af7d6f4db78 Mon Sep 17 00:00:00 2001
From: Paolo Smiraglia
Date: Fri, 20 Sep 2019 11:24:43 +0200
Subject: [PATCH] Allow to choose algorithms when creating metadata
Signature and digest algorithms can now be selected with the following command line arguments -S (default: http://www.w3.org/2000/09/xmldsig#rsa-sha1) -D (default: http://www.w3.org/2000/09/xmldsig#sha1) Example: $ ../../tools/make_metadata.py \ -s -x /usr/bin/xmlsec1 \ -k pki/mykey.pem -c pki/mycert.pem \ -S http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 \ -D http://www.w3.org/2001/04/xmlenc#sha512 \ sp_conf
---
 tools/make_metadata.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/tools/make_metadata.py b/tools/make_metadata.py
index cef5a0991..0b0e94a02 100755
--- a/tools/make_metadata.py
+++ b/tools/make_metadata.py
@@ -34,6 +34,12 @@
 help="xmlsec binaries to be used for the signing")
 parser.add_argument('-w', dest='wellknown',
 help="Use wellknown namespace prefixes")
+parser.add_argument('-S', dest='signalg',
+ default='http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+ help="Algorithm to sign the metadata")
+parser.add_argument('-D', dest='digestalg',
+ default='http://www.w3.org/2000/09/xmldsig#sha1',
+ help="Algorithm to compute the digest of the metadata")
 parser.add_argument(dest="config", nargs="+")
 args = parser.parse_args()
@@ -76,7 +82,10 @@
 if args.sign:
 assert conf.key_file
 assert conf.cert_file
- eid, xmldoc = sign_entity_descriptor(eid, args.id, secc)
+ sign_alg = args.signalg
+ digest_alg = args.digestalg
+ eid, xmldoc = sign_entity_descriptor(eid, args.id, secc, sign_alg,
+ digest_alg)
 else:
 xmldoc = None
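Review bot: The new `-S` and `-D` options default to the SHA-1 identifiers, so anyone who signs metadata without passing them gets an RSA-SHA1 signature over a SHA-1 digest, which is no longer considered collision-resistant and which some SAML peers may reject. I would default to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` and `http://www.w3.org/2001/04/xmlenc#sha256`. Alternatively use `default=None` so the library's own default applies, assuming the signer accepts `None` for these parameters. Both values are free-form strings, so a `choices=` list of the supported URIs would make a typo or an unsupported algorithm fail at argument parsing instead of inside the signing call. The help texts would also be clearer if they said the value is an XML-DSig algorithm URI and repeated the default.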
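Review bot: The two algorithm URIs are passed positionally to `sign_entity_descriptor`, and since both are plain strings a swapped order would not be caught at the call site; passing them by keyword, using the callee's parameter names (not visible in this hunk), would make the call self-checking. The temporaries `sign_alg` and `digest_alg` are each used once and could be dropped in favour of `args.signalg` and `args.digestalg` directly. The enclosing block starts outside the hunk, so I cannot tell whether the script has another signing path; if it does, that path is not changed here and would presumably ignore `-S`/`-D`, which is worth confirming or documenting in the help text.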